[Bro] BRO 2.0 - SMTP - Saving file attachments causing many packet Drops

John Merit jmerit.jd at gmail.com
Tue Nov 29 06:55:05 PST 2011


Hello,

I moved to BRO 2.0 a few days ago, and so far it works great.

I am testing the SMTP write file to disk feature (entities.bro) which also
works great on file attachments.

Due to load on my machine (60mbps) there are packet drops which cause the
file assembly to be corrupted (BRO is running on a tap and not in-line).

I suspect that the drops are caused by the excessive I/O when writing these
attachments to disk.

I decided to optimize bro to get rid of the drops:

 - I disabled all the scripts in init-default.bro (besides smtp) and also
logging capabilities.
 - Increased the system allocated buffer size in setvbuf() (BroFile::SetBuf
- File.cc)
 - Writing the file into tmpfs instead of the local directory

I am still suffering drops.

Am I doing something wrong? Is there any way to optimize it even better to
get rid of the drops?

Thank You,
 JD